[weiden] 13237: don't copy the entire security descriptor to the stack in SeCaptureSecurityDescriptor() when previous mode is kernel mode and capturing for kernel mode is undesired - Ros-diffs

24 Jan 2005

don't copy the entire security descriptor to the stack in
SeCaptureSecurityDescriptor() when previous mode is kernel mode and
capturing for kernel mode is undesired
Modified: trunk/reactos/ntoskrnl/se/sd.c
  _____  

Modified: trunk/reactos/ntoskrnl/se/sd.c

--- trunk/reactos/ntoskrnl/se/sd.c	2005-01-23 23:51:40 UTC (rev
13236)
+++ trunk/reactos/ntoskrnl/se/sd.c	2005-01-24 00:09:04 UTC (rev
13237)
@@ -154,18 +154,22 @@

         return Status;
       }
     }
+    else if(!CaptureIfKernel)
+    {
+      if(OriginalSecurityDescriptor->Revision !=
SECURITY_DESCRIPTOR_REVISION1)
+      {
+        return STATUS_UNKNOWN_REVISION;
+      }
+      
+      *CapturedSecurityDescriptor = OriginalSecurityDescriptor;
+      return STATUS_SUCCESS;
+    }
     else
     {
       /* make a copy on the stack */
       DescriptorCopy = *OriginalSecurityDescriptor;
     }
     
-    if(CurrentMode == KernelMode && !CaptureIfKernel)
-    {
-      *CapturedSecurityDescriptor = OriginalSecurityDescriptor;
-      return STATUS_SUCCESS;
-    }
-    
     if(DescriptorCopy.Revision != SECURITY_DESCRIPTOR_REVISION1)
     {
       return STATUS_UNKNOWN_REVISION;



    